03 March 2019

1) ftk imager ->  multiple raw file

2) affuse     ->   /mnt/fuse/multipleRawFile.001.raw

3) mmls  (to find the partition offset)

4) losetup -> /dev/loop0   (using the partition offset)

5) file -s /dev/loop0    (check partition format)
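The glue between steps 3 and 4 is the unit conversion: mmls reports sector numbers, losetup wants a byte offset. The added example below (mine, not from either referenced post) parses a constructed mmls listing, skips the meta and unallocated rows, multiplies the start sector by the sector size, and builds a read-only losetup command with --sizelimit so the loop device stops at the partition boundary. The image path and partition layout are invented for the demonstration.

```python
import re

# Constructed sample of `mmls` output for a split raw image exposed via affuse
# (not captured from a real case; the layout mimics a DOS/MBR partition table).
SAMPLE_MMLS = """\
DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0000206847   0000204800   NTFS / exFAT (0x07)
003:  000:001   0000206848   0000411647   0000204800   Linux (0x83)
"""

ROW_RE = re.compile(r"^\d{3}:\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")
UNITS_RE = re.compile(r"Units are in (\d+)-byte sectors")


def parse_mmls(text):
    """Return the mountable partitions as dicts with byte offsets computed.

    Meta entries and unallocated gaps are skipped because there is nothing to
    mount there; losetup wants bytes, so offset = start_sector * sector_size.
    """
    m = UNITS_RE.search(text)
    sector_size = int(m.group(1)) if m else 512
    parts = []
    for line in text.splitlines():
        row = ROW_RE.match(line)
        if not row:
            continue
        slot, start, _end, length, desc = row.groups()
        if slot == "Meta" or desc.startswith("Unallocated"):
            continue
        parts.append({
            "slot": slot,
            "start_sector": int(start),
            "length_sectors": int(length),
            "description": desc,
            "offset_bytes": int(start) * sector_size,
            "size_bytes": int(length) * sector_size,
        })
    return parts


def losetup_command(image_path, part, loop_dev="/dev/loop0"):
    """Build the losetup invocation for one partition.

    -r keeps the evidence read-only; --sizelimit caps the loop device at the
    partition end so `file -s` or `fls` cannot wander into the next partition.
    """
    return (f"losetup -r -o {part['offset_bytes']} "
            f"--sizelimit {part['size_bytes']} {loop_dev} {image_path}")


if __name__ == "__main__":
    for p in parse_mmls(SAMPLE_MMLS):
        print(p["description"], "->",
              losetup_command("/mnt/fuse/multipleRawFile.001.raw", p))
```

Run it against real mmls output by piping `mmls /mnt/fuse/image.001.raw` into parse_mmls; the printed losetup line is what step 4 types, and `file -s /dev/loop0` in step 5 then sees the filesystem header at offset 0 of the loop device.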


For timeline:
1) fls -r -m C:  /dev/loop0 > bodyfile.txt


For mount:
1) mount

ref:
1) https://forensicsferret.wordpress.com/2010/06/28/mounting-split-raw-and-encase-segmented-files-with-affuse/
2) https://digital-forensics.sans.org/blog/2010/09/15/dealing-split-raw-type-images

01 March 2019

Commands for exploitation

/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 5010
/usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -q <value found in EIP>
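To see why those two scripts work, here is an added Python re-implementation of the same cyclic pattern (my code, not Metasploit's). The pattern walks every upper/lower/digit triple in order, so any 4-byte window is unique within the first 20280 bytes; pattern_offset reverses the register value because a 32-bit x86 load is little-endian, then searches for that 4-character fragment. The length 5010 matches the command above; the crash values in the demo are constructed.

```python
import string

# Character classes used by pattern_create.rb: the pattern is every
# upper/lower/digit triple in order ("Aa0Aa1...Aa9Ab0..."), so any 4-byte
# window is unique within the first 20280 bytes.
UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits
MAX_UNIQUE = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280


def pattern_create(length):
    """Return the first `length` characters of the cyclic pattern."""
    if length > MAX_UNIQUE:
        raise ValueError(f"pattern longer than {MAX_UNIQUE} bytes would repeat")
    chunks = []
    total = 0
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                chunks.append(u + l + d)
                total += 3
                if total >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(value, length=MAX_UNIQUE):
    """Locate a crash value inside the pattern, like pattern_offset.rb -q.

    `value` may be the 4-character ASCII fragment itself ("Aa2A") or the
    register value as hex ("0x41326141"); the hex form is a little-endian
    load, so its bytes are reversed before searching. Returns None if the
    value did not come from the pattern at all.
    """
    if isinstance(value, int) or value.lower().startswith("0x"):
        n = value if isinstance(value, int) else int(value, 16)
        needle = n.to_bytes(4, "little").decode("ascii", errors="replace")
    else:
        needle = value
    idx = pattern_create(length).find(needle)
    return None if idx < 0 else idx


if __name__ == "__main__":
    print(pattern_create(5010)[:30])       # Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9
    print(pattern_offset("0x41326141"))    # 6
```

A None result is the useful edge case: it means the register was not overwritten by the pattern bytes (wrong buffer, a pointer to the pattern rather than its contents, or a pattern longer than 20280 that wrapped), which is exactly when pattern_offset.rb prints nothing.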
First create folder: !mona config -set workingfolder c:\logs\%p
Command generate: !mona bytearray

!mona compare -f C:\ -a
!mona find -type instr -s "jmp esp" -b 0x6250800
msfvenom -a x86 --platform windows -p windows/messagebox TEXT="say hi" -f python -b "\x00" -v buf
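The bad-character loop behind `!mona bytearray` / `!mona compare` and the `-b "\x00"` list handed to msfvenom is the same idea, so one added example covers both (my code, not mona's or Metasploit's): generate the 256-byte array minus the known-bad values, read the buffer back from memory, find the first divergence, add that byte to the list and repeat until the copy survives intact. The `fake_target_memory` function is a constructed stand-in for the debugger read-back; it mangles 0x0a and 0x0d the way a text-oriented input path often does.

```python
# Byte values the target is known to mangle. "\x00" is the classic one and is
# the same list passed to msfvenom -b. Constructed example list.
BAD = b"\x00"


def make_bytearray(bad=b""):
    """All 256 byte values in order, minus the known-bad ones (mona bytearray -b)."""
    return bytes(b for b in range(256) if b not in bad)


def compare(expected, observed):
    """First divergence between the array sent and the bytes read back.

    Returns (index, expected_byte, observed_byte), or None when the copy is
    intact. A divergence at index i usually means expected[i] is a bad
    character, or everything after it was truncated (observed_byte None).
    """
    for i, (e, o) in enumerate(zip(expected, observed)):
        if e != o:
            return i, e, o
    if len(observed) < len(expected):
        return len(observed), expected[len(observed)], None
    return None


def find_bad_chars(read_memory, bad=b""):
    """Iterate like the manual mona workflow until the buffer survives.

    `read_memory` stands in for reading the buffer out of the debugger; each
    round adds the first divergent byte to the bad list and resends.
    """
    bad = bytes(bad)
    while True:
        sent = make_bytearray(bad)
        diff = compare(sent, read_memory(sent))
        if diff is None:
            return bad
        bad += bytes([diff[1]])


# Constructed stand-in for the target: it converts 0x0a to 0x00 and strips
# 0x0d entirely (typical of a text-oriented input path).
def fake_target_memory(buf):
    return buf.replace(b"\x0d", b"").replace(b"\x0a", b"\x00")


if __name__ == "__main__":
    found = find_bad_chars(fake_target_memory, BAD)
    print("bad chars:", found.hex())   # 000a0d
```

Note the order matters: after 0x0a is removed from the array, the stripped 0x0d shows up as a one-byte shift rather than a changed value, which is why compare reports the byte that was expected at that index rather than the byte observed there. The final list is what goes into msfvenom's `-b` argument.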


Before getting into kernel exploits

Need to know these first:

CFG
Memprotect
ASLR
KASLR
DEP
SEHOP

09 January 2019

Shrink a vmdk

For Linux guests:
  - boot that VM image
  - sudo vmware-toolbox-cmd disk list     # lists the virtual disks
  - sudo vmware-toolbox-cmd disk shrink / # shrinks the vmdk backing /

For help:
  - vmware-toolbox-cmd help disk

06 November 2018

systemctl

How does systemctl read the config file?

List all services:

$ systemctl -a | grep "myservice"

Show where the unit file for a service lives:

$ systemctl show "myservice"  | grep -i path